AIO Glossary

Question 1

A tool that sites between client systems and the back end services they call via API rwquests in order to serve as a reverse proxy for security and performance capabilities

Answer 1

API Gateway

Question 2

A set of functions, routines, tools or protocols for building applications. An API allows for interaction between systems and applications that can be leveeraged by developers as building blocks for their applications and data access through a common method, without custom coding for each integration

Answer 2

Application Programming Interface (API)

Question 3

An estimated number of the times a threat will successfully exploit a given vulnerability over the couse of a single year

Answer 3

Annualized Rate of Occurrence (ARO)

Question 4

A threat modeling approach composed of Architecture, Threats, Attack Surfaces and Mitigations

Answer 4

ATASM

Question 5

The ability to properly capture, analyze and report on any and all events that happen within a system or application, such as data access and modification, user actions and processes, controls and compliance and regulatory and contractual compliance

Answer 5

Auditability

Question 6

The process of evaluating credentials presented by a user, application or service to prove its identity as compared to values already known and verified by the authentication system

Answer 6

Authentication

Question 7

The process of granting or denying access to a system, network or application after successful authentication has been performed, based on approved criteria set by regulation

Answer 7

Authorization

Question 8

Part of the change management process, which establishes an agreed upon standard configuration and the attributes that comprise it and forms the basis for managing change from that point forward

Answer 8

Baseline

Question 9

A heavily fortified system that serves as a jumpbox or proxy between an untrsuted network and trusted networks

Answer 9

Bastion Host

Question 10

The capability of an organization to continue the operation of systems or applications at a predetermined level after an incident or a disruption of service

Answer 10

Business Continuity

Question 11

A process designed to identify risks, threats and vulnerabilities that could disrupt or impact services, with the intent of determining mitigation stratgies and response processes should they occur

Answer 11

Business Continuity Management

Question 12

A developed and tested document, containing information from stakeholders and staff, for the continuation of operations and services in the event of a disruption or incident

Answer 12

Business Continuity Plan

Question 13

A structured methodology to identify and evaluate the possible risks and threats that operations or services could be impacted by, as well as the possible or liklely extent of impact and disruption

Answer 13

Business Impact Analysis

Question 14

The formal documentiation showing the chronological control and disposition of data or evidence, either physical or electronic. This documentation includes creation, all changes of possession and final disposition.

Answer 14

Chain of Custody

Question 15

Federation

Answer 15

A group of IT service providers that interoperate based on an agreed upon set of standards and operations

Question 16

An individual with a role in the change management process who ensures the overall change process is properly executed. This person also directly handles low levels tasks related to the change process

Answer 16

Change Manage

Question 17

A software tool or service that sits between cloud resources and the clients or systems accessing them. It serves as a gateway that can perform a variety of security and policy enforcement functions. A CASB typically can consolidate and perform the functions of firewalls and web applications firewalls as well as provide authentication and data loss prevention capabilities

Answer 17

Cloud Access Security Broker

Question 18

An application that is never installed on a local server or desktop but is instead accessed via a network or the Internet. A cloud application merges the functionalty of a local application with the accessibility of a web based application

Answer 18

Cloud Application

Question 19

Cloud Application Management for Platforms (CAMP)

Answer 19

Within a PaaS implementation, CAMP servers as the framework and specification for managing platform services, encompassing a RESTful protocol for managing services, the model for describing and documenting the components that comprise the platform, and the language describing the overall platform, its components and services and the metadata about it

Question 20

An audit that is specifically responsible for conducting audits of cloud systems and cloud applications. The cloud auditor is responsible for assessing the effectiveness of cloud service and identifying control deficiencies between the cloud customer and the cloud provider, as well as the cloud broker if one is used

Answer 20

Cloud Auditor

Question 21

The process of using a cloud based backup system, with files and data being sent over the network to a public or private cloud provider for backup, rather than running traditional backup systems within a data center

Answer 21

Cloud backup

Question 22

A public or private cloud services organization that offers backup services to either the public or organizational clients, either on a free basis or using various costing models based on either the amount of data or number of systems

Answer 22

Cloud Backup Service Provider

Question 23

Services that run within a public or private cloud offering backup solutions, either through client based software that does automatic or scheduled backups or through manual backups initiated by a user or system

Answer 23

Cloud Backup Solutions

Question 24

An organization that sells and offers cloud services, and possibly cloud support services, to various organizations and works as a middleman between the cloud customer and cloud provider

Answer 24

Cloud Computing Reseller

Question 25

A formally published guide by the Cloud Security Alliance that enables cloud customers to evaluate a prospective cloud provider in regard to its security posture, The CCM also allows a cloud provider to structure its security approach

Answer 25

Cloud Controls Matrix (CCM)

Question 26

An organization or individual that utilzies and consumes resources and services from a cloud provider. This can be in the form of free public services and systems or private and gee based applications or solutions

Answer 26

Cloud Customer

Question 27

The ability to move data between cloud providers

Answer 27

Cloud Data Portability

Question 28

A database that is installed in a cloud environment and accessed via the network or the Internet by a user or application. Because the database is being installed in a cloud environment instead of a typical server environment, elasticity, scalability and high availability can be achieved and maximized

Answer 28

Cloud Database

Question 29

A partner that serves as an intermediary between a cloud service customer and a cloud service provider

Answer 29

Cloud Service Broker

Question 30

A group of cloud services with a common set of features or qualities

Answer 30

Cloud Service Categoriy

Question 31

On that holds a relation with either a cloud service provider or a cloud service customer to assist with cloud services and their delivery

Answer 31

Cloud Service Partner

Question 32

Common Criteria

Answer 32

A set of international guidelines and specifications for the evaluation of IT security resources to ensure that they meet an agreed upon set of security standards, specifically focused on government computing and security needs and requirements. The Common Criteria for Information Technology Security Evaluation is formalized as an international standard in ISO/IEC 15408

Question 33

A cloud infrastructure provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns. It may be owned, managed and operated by one or more of the organizations in the community, a third party or some combination of these and it may exist on or off premises

Answer 33

Community Cloud

Question 34

CaaS allows for the execution of compute intensive workloads to be performed in the cloud. Code can be executed in a serverless environment where the customer only pays for the computing time and cycles they consume, without the need for setting up server instances or environments.

Answer 34

Compute as a Service (CaaS)

Question 35

Confidential computing is a paradigm that isolates the processing of data within protected CPU segments that are completely isolated from other users and systems

Answer 35

Confidential Computing

Question 36

Establishing a controlled means of consistency throughout a systems lifecycle, based on its requirements and technical specifications, to properly ensure configuration controls, performance standards and design requirements

Answer 36

Configuration Management

Question 37

A software package that contains all of the code, configuration, and libraries needed for an application to operate, packaged inside a single unit

Answer 37

Container

Question 38

The process of taking logs from many different systems and putting them together based on a commonality in order to fully track a session or transaction

Answer 38

Correlation

Question 39

A very common type of security vulnerability found with web applications, where an attacker can inject client side scripts into web pages that are then viewed and executed by other users.; The goal of XSS from an attackers perspective is to bypass the security controls of an application, such as an access control with a same origin policy

Answer 39

Cross Site Scripting

Question 40

Data that resides on a system in persistent storage, such as disks, tapes, databases or any other type of storage device

Answer 40

Data at Rest (DAR)

Question 41

The feature of cloud storage where data is spread across data centers or wide geographic areas for redundancy and speed. The degree of dispersion is typically based on the needs of the application and the level of service provured by the cloud customer

Answer 41

Data Dispersion

Question 42

Serverless, managed data processing service offered by a cloud provider for the execution of data pipelines

Answer 42

Data Flow

Question 43

Data that flows over a networked connection, either through public unsecured networks or internal protected corporate networks

Answer 43

Data in Transit

Question 44

Data within a system or application that is currently being processed or is in use, either through the computing resources or residing in memory

Answer 44

Data in Use

Question 45

An overall strategy and process for ensuring that users cannot send sensitive or protected information outside of network or systems that are secured and protected. This can be related to the intentional attempt by user to transfer such information, but it also applies to preventing the accidental sending or leakage of data

Answer 45

Data Loss Prevention

Question 46

The ability to easily move data from one system to another without having to re-enter it

Answer 46

Data Portability

Question 47

A suite of tools used to monitor database operations and functions in real time in order to detect security concerns or anomalies

Answer 47

Database Activity Monitoring (DAM)

Question 48

A subscription service where the database is installed, configured, secured and maintained by the cloud provider, the the cloud customer on responsible for loading their schema and data

Answer 48

Database as a Service (DBaaS)

Question 49

A cloud based equivalent of a traditional virtual desktop interface (VDI) that is hosted and managed by a cloud provider rather than on hardware owned by the customer

Answer 49

Desktop as a Service (DaaS)

Question 50

Combines software development with IT operations, with a goal of shortening the software development time and providing optimal uptime and quality of service

Answer 50

DevOps

Question 51

Short for development, security and operations. The process of integrating security at all levels and stages of development and operations to fully ensure best practices and a focus on security

Answer 51

DevSecOps

Question 52

Information that specifically applies to a unique individual such as name, address, phone number, email address, or unique identifying numbers of codes

Answer 52

Direct Identifier

Question 53

A utility from VMware that balances computing demands and available resources within the virtualized environment

Answer 53

Distributed Resource Scheduler (DRS)

Question 54

The testing of an application while it is in an operational state with currently running systems, applications and networks

Answer 54

Dynamic Application Security Testing (DAST)

Question 55

The process of moving and reallocating virtual machines and resources within a cluster environment to maintain optimal performance with balanced and distributed resource utilization

Answer 55

Dynamic Optimization

Question 56

A computing paradigm that is based on putting the processing of data and computing resources as close to the source of that data as possible

Answer 56

Edge Computing

Question 57

The process for a criminal or civil legal case where electronic data is determined, located and secured to be used as evidence

Answer 57

eDiscovery

Question 58

The process of encoding and securing data so that only authorized parties in possession of the correct information, credentials or keys can access it

Answer 58

Encryption

Question 59

An application that runs on a large and distributed scale and is deemed mission critical to a company or organization

Answer 59

Enterprise Application

Question 60

A cloud based backup and recovery service that is related to and similar to those offered for personal use, but scaled and focsed on large scale and organizational level services

Answer 60

Enterprise Cloud Backup

Question 61

Temporary, unstructured storage that is only used for a node or service while it is active and in use and the is destroyed upon being shut down or deleted

Answer 61

Ephemeral Storage

Question 62

An action or situation that is recognized by software that then causes some action or response by the software to be taken

Answer 62

Event

Question 64

A security standard published by the US federal government that pertains to the accreditation of cryptographic modules

Answer 64

FIPS 140-2

Question 65

The use of a location technology such as WiFi, cellular networks, RFID tags, IP address locations or GPS to control access or behavior of devices

Answer 65

Geofencing

Question 66

A physical device, typically a plugin card or an external device, that attaches to a physical computer. It is used to perform encryption and decryption of digital signatures, authentication operations and other services where cryptography is necessary

Answer 66

Hardware security modules (HSM)

Question 67

Taking data of an arbitrary type, length or size and using a mathematical function to map the data to a value that is of a fixed size. Hashing can be applied to virtually any type of data object, text strings, documents, images, binary data and even virtual machine images

Answer 67

Hashing

Question 68

The HITECH Act of 2009 provided incentives for health care providers to expand their use of tech, including the widespread adoption of electronic health record systems

Answer 68

Health Information technology for economic and clinical health act

Question 69

The Health Insurance Portability and Accountability Act of 1996 requires the US department of health and human services to publish and enforce regulations pertaining to electronic health records and identifiers between patients, providers and insurance companies. It is focused on the security controls and confidentiality of medical records, rather than specific technologies used, so long as they meet the requirements of the regulations

Answer 69

Health Insurance Portability and Accountability Act (HIPAA)

Question 70

A hosted based intrusion detection system monitors the internal resources of a system for malicious attempts. It can also be used for packet inspection and network monitoring

Answer 70

Host Based Intrusion detection system

Question 71

A cloud infrastructure composed of two or more distinct cloud infrastructure that remain unique entities but are bonded together by standardized or proprietary technology that enables data and application portability

Answer 71

hybrid cloud

Question 72

A virtual machine manager that allows and ebales multiple virtual hosts to reside on the same physical host

Answer 72

Hypervisor

Question 73

A subscription based service for Identity and Access Management and single sign on that is offered over the Internet versus deployed by the customer

Answer 73

Identity as a Service (IDaaS)

Question 74

A system responsible for determining the authenticity of a user or system, thus providing assurance to a service that the identity is valid and known and possibly providing additional info about the identity of the user or system to the service provider requesting it

Answer 74

Identity Provider (IdP)

Question 75

An event that could potentially cause a disruption to an organizations systems, services or applications

Answer 75

Incident

Question 76

Pieces of information about an entity that cannot be used individually to identify that entity uniquely but can be used in combination to potentially do so. Examples include place of birth, race, employment history and educational history

Answer 76

Indirect Identifiers

Question 77

A subset of digitial rights management that is focused on protecting sensitive information from unauthorized exposure or use

Answer 77

INformation Rights Management (IRM)

Question 78

The capability provided to a consumer to provision processing, storage, networks and other fundamental computing resources in order to deploy and run arbitrary software, including OS and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over OS< storage and deployed applications and possibly limited control of select networking components such as host firewalls

Answer 78

Infrastructure as a Service (IaaS)

Question 79

A way of managing and provisioning infrastructure components through definition files, versus the traditional way of using configuration tools. Typically, admins maintain definition files that contain all the options and settings needed to deploy virtual machines or other pieces of a virtual infrastructure

Answer 79

Infrastructure as Code (IaC)

Question 80

A method for monitoring an application while it is running and has processes interacting with it, continually scanning for any security vulnerabilities.

Answer 80

Interactive Application Security Testing (IAST)

Question 81

The ease and ability to reuse components of a system or application regardless of the underlying system design and provider

Answer 81

Interoperability

Question 82

A device, appliance, or software implementation that monitors servers, systems or networks for malicious activities

Answer 82

Intrusion detection system (IDS)

Question 83

A network based appliance or software that examines network traffic for known exploits or any attempts to use exploits, and actively stop them or blocks attempts

Answer 83

Intrusion prevention system (IPS)

Question 84

A formal specification for information security management systems that provides, through completion of a formal audit, certification from an accredited body for compliance, ISO/IEC 27001:2018 is the latest revision

Answer 84

ISO/IEC 27001 and 27001:2018

Question 85

A collection of papers and concepts that lays out a vision for an IT Service Management (ITSM) framework for IT services and user support

Answer 85

IT Infrastructure Library (ITIL)

Question 86

The authority to exert regulatory and legal control over a defined area of responsibility. Jurisdictions can overlap between the local, state/province, and national levels

Answer 86

Jurisdiction

Question 87

A system or service that manages keys used for encryption within a system or application that is separate from the actual host system. The KMS will typically generate, secure and validate keys

Answer 87

Key Management Service (KMS)

Question 88

A metric that provides quantitative value that can be sued to evaluate how effectively key business requirements are being met

Answer 88

Key Performance Indicator (KPI)

Question 89

The process of collecting and preserving data as required by an official request from a legal authority

Answer 89

Legal Hold

Question 90

A provider of IT services where the technology, software and operations are determined and managed away from the customer or user

Answer 90

Managed Service Provider

Question 91

The process of aligning data values and fields with specific definitions or requirements

Answer 91

Mapping

Question 92

A measure, typically in hours, of what the average time between failures is for a hardware component in order to determine its reliability

Answer 92

Mean Time Between Failures (MTBF)

Question 93

A measure for hardware components of the typical or average time to repair a recover after a failure

Answer 93

Mean TIme to Repair (MTTR)

Question 94

A cloud service thats delivered and billed for in a metered way

Answer 94

Measured Service

Question 95

Data that gives additional descriptive information about other data. THis can be in the form of structural data that pertains to how the information is stored and represented, or it can be descriptive data that contains information about the actual content of the data

Answer 95

Metadata

Question 96

Cloud based storage, typically used for mobile devices such as tablets, phones and laptops, that enables the user to access their data from any network location and across multiple devices in a uniform way

Answer 96

Mobile Cloud Storage

Question 97

Mobile Device Management

Answer 97

MDM is an encompassing term for a suite of policies, technologies and infrastructure that enables an organization to manage and secure mobile devices that are granted access to its data across a homogenous environment. This is typically accomplished by installing software on a mobile device that allows the IT department to enforce security configurations and policies, regardless of whether its owned by the organization or is a private device owned by the user

Question 98

Having multiple customers and applications running within the same environment but in a way that they are isolated from each other and not visible to each other, while still sharing the same resources

Answer 98

Multitenancy

Question 99

A device placed at strategic places on a network to monitor and analyze all network traffic traversing the subnet and them compare it against signatures for known vulnerabilities and attacks

Answer 99

Network based intrusion detection system

Question 100

Contains a set of rules that can be applied to network resources for the processing and handling of network traffic. The group contains info used to filter traffic based on the direction of traffic flow, source address, destination address, ports of both the source and destination and the protocols being used for transmission

Answer 100

Network Security Group

Question 101

Title Security and Privacy Control for Federal Information Systems and Organizations NIST SP 800-53 provides a set of security controls for all systems under the US federal government, with the exception of systems dedicated to national security

Answer 101

NIST SP 800-53

Question 102

The ability to confirm the origin or authenticity of data to a high degree of certainty

Answer 102

Non repudiation

Question 103

A set of standards for protecting the national power grid and systems, specifically from a cyber security perspective

Answer 103

North American Electric Reliability Corporation / Critical Infrastructure Protection (NERC/CIP)

Question 104

A storage method used with IaaS where data elements are managed as objects rather than hierarchically with a file system and directory structure

Answer 104

Object Storage

Question 105

The ability for a cloud customer to provision services in an automatic manner, when needed, with minimal involvement from the cloud provider

Answer 105

On Demand Self Service

Question 106

An official ITIl term that relates to a specialized service level argeement (SLA) pertaining to internal parties of an organization, rather than between a customer and provider

Answer 106

Operational Level Agreement (OLA)

Question 107

The automation of tasks within a public or private cloud that manages administration, workloads, and operations within the environment

Answer 107

Orchestration

Question 108

The process of securely removing data from a system by writing blocks of randmo or opaque data on storage media to destory any previous data and make it unrecoverable

Answer 108

Overwriting

Question 109

Process for Attack Simulation and Threat Analysis is a seven step method that is platform agnostic and combines business objectives, technical requirements and compliance for threat management

Answer 109

PASTA

Question 110

An industry regulation that applies to organizations that handle credit card transactions. Rather than being a legal regulation passed by government authorities, it is enforced and administered by the credit card industry itself. The regulations are designed to enforce security best practices to reduce credit card fraud

Answer 110

Payment Card Industry Data Security Standard

Question 111

The capability provided to the customer to deploy onto the cloud infrastructure any consumer created or acquired applications written using programming languages, libraries, services and tools supported by the provider. The customer does not manage or control the underlying infrastructure, including the network, servers, OS, and storage, but does have control over the deployed applications and possibly configuration settings for the application hosting environment

Answer 111

Platform as a Service

Question 112

The ability of a system or application to seamlessly and easily move between different cloud providers

Answer 112

Portability

Question 113

A specific type of analysis conducted by an organization that stores or processes sensitive and private data. The organization will evaluate its iternal processes for development and operations with an eye toward the protection of personal data throughout the entire lifetime of its possession and use

Answer 113

Privacy Impact Assessment (PIA)

Question 114

A declaration published by the cloud service provider documenting its approach to data privacy. The cloud service provider implements and maintains the PLA for the systems it hosts

Answer 114

Privacy Level Agreement (PLA)

Question 115

A cloud infrastructure provisioned for exclusive use by a single organization composed of multiple consumers. It may be owned, managed and operated by the organization, a third party, or some combination thereof, and it may exist on or off premises

Answer 115

Private Cloud

Question 116

A special designation of data under United States law that encompasses any health related data that can be tied to an individual, including health status, healthcare services sought or provided, or any payment related to healthcare

Answer 116

Protected Health Information (PHI)

Question 117

A cloud infrastructure provisioned for open use by the general public. It may be owned, managed and operated by a business, academic organization, or governmental organization, or some combination of both. It exists on the premises of the cloud provider

Answer 117

Public Cloud

Question 118

Quantum computing involves the use of quantum phenomena, such as the interactions between atoms or wave movements, to aid in computation

Answer 118

Quantum Computing

Question 119

A point of time in the past that an organization is willing to revert to in order to restore lost data or services following an interruption

Answer 119

Recovery Point Objective (RPO)

Question 120

A defined maximum time duration for which an organization can accept the loss of data or services following an interruption

Answer 120

Recovery Time Objective (RTO)

Question 121

A system or application that provides access to secure data through the use of an identity provider

Answer 121

Relying Party

Question 122

A system for designing and implementing networked applications by utilizing a stateless, cacheable, client/server protocol, almost always via HTTP

Answer 122

Representational State Transfer (REST)

Question 123

A key component of the change management process that involves a formal documented change request, including what change is needed, why it is needed, the urgency of the change and the impact if the change is not made

Answer 123

Request for Change (RFC)

Question 124

The aggregation and allocation of resources from the cloud provider to serve the cloud customers

Answer 124

Resource Pooling

Question 125

The ability of a cloud customer to recovery all data and applications from a cloud provider and completely remove all data from the cloud providers environment

Answer 125

Reversibility

Question 126

Security technology and systems integrated into a system or application that enables it to detect and prevent attacks in real time

Answer 126

Runtime Application Self Protection (RASP)

Question 127

The segregation and isolation of information or processes from others within the same system or application, typically for security concerns

Answer 127

Sandboxing

Question 128

A computing system or application that processes data

Answer 128

Service

Question 129

A document agreed upon between a customer and a service provider that defines and maps out minimum performance standards for a variety of contract requirements. An SLA typically includes minimum standards for processes, uptime, availability, security, auditing, reporting, customer srrvice and potentially many other requirements

Answer 129

Service Level Agreement (SLA)

Question 130

An organization that provides IT services and applications to other organizations in a sourced manner

Answer 130

Service Provider (SP)

Question 131

A system of providing IT applications and data services to other components through communications protocols over a network, independent of any particular technology, system, provider or implementation

Answer 131

Service Oriented Architecture (SOA)

Question 132

This is a proven methodology for developing business driven risk and opportunity focused security architectures, at both the enterprise and solutions levels, that traceable support business objectives. It is widely used for information assurance architectures and risk management frameworks as well as to align and seamlessly integrate security and risk management into IT architecture methods and frameworks. SABSA is composed of a series of integrated frameworks, models, methods and processes and can be sued independently or as a holistic, integrated enterprise solution

Answer 132

Sherwood Applied Business Security Architecture

Question 133

A messaging protocol that is operating system agnostic and used to communicate with other systems through HTTP and XML

Answer 133

Simple Object Access Protocol (SOAP)

Question 134

The monetary value assigned to the occurrence of a single instance of risk or exploit to an IT service, application or system

Answer 134

Single Loss Expectancy (SLE)

Question 135

Audit and accounting reports, focused on an organizations controls, that are employed when providing secure services to users

Answer 135

SOC 1/SOC 2/SOC 3

Question 136

The capability provided to the customer to use the providers applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web rbwoser, or a program interface. The consumer does not manage or control the underlying infrastructure, including the network, servers, OS, storage and even individual application capabilities, with the possible exception of limited user specific application settings

Answer 136

Software as a Service (SaaS)

Question 137

An automated process that scans a codebase to identify any code that is from an open source package or repo. It is crucial for both security and license compliance

Answer 137

Software Composition Analysis (SCA)

Question 138

An approach to separate the network configurations for the control plane and the data plane. This allows an abstraction for network admins to configure and control those aspects of the network important to modern systems and applications without having to get involved with the actual mechanisms for forwarding network traffic

Answer 138

Software Defined Networking

Question 139

A defined period of time for development to be accomplished with running list of deliverables that are planned one sprint in advance

Answer 139

Sprint

Question 140

A method used by malicious actors to insert SQL Statements into a data driven application in various input fields, attempting to get the application to access arbitrary code and return the results to the attacker. This could include attmpets to access a full database or the protected data within it or to modify or delete data

Answer 140

SQL Injection

Question 141

Security testing of applications by analyzing their source code, binaries and configurations. This is done by tested who have an in depth knowledge of systems and applications, with the testing performed in a nonruninng state

Answer 141

Static Application Security Testing

Question 142

One or more cloud customers who share access to a pool of resources

Answer 142

Tenant

Question 143

An open enterprise architecture model intended to be a high level approach that design teams can use to optimize success, efficiency and returns throughout a systems lifecycle

Answer 143

The Open Group Architecture Framework

Question 144

The process of replacing and substituting secured or sensitive data in a data set with an abstract or opaque value that has no use outside of the application

Answer 144

Tokenization

Question 145

An evaluation of the content of data packets flowing into and in some cases, out of a network

Answer 145

Traffic Inspection

Question 146

A program or application used to trick a user or administrator into executing an attack by disguising its true intention

Answer 146

Trojan

Question 147

The security concept of separating systems and data into different levels (or zones) and applying security methods and practices to each zone, based on the requirements of that particular group of systems. In many instances, zones of a higher degree of trust may access those with a lower degree, but not vice versa

Answer 147

Trust Zone

Question 148

The optimization of a cloud computing resources for a particular stack or vertical, such as a specific type of application or system, or by a particular industry sector or need

Answer 148

Vertical Cloud Computing

Question 149

A computing environment that is a software implantation running on a host system, versus a physical hardware environment

Answer 149

Virtual Host or Virtual Machine

Question 150

A VPN facilitates the extension of a private network over public networks, and it enables a device to operate as if it were on the private network directly. A VPN works by enabling an encrypted point to point connection from a device into a private network, typically through software applications, but this also can be done via hardware accelerators

Answer 150

Virtual Private Network

Question 151

A type of rootkit installed in a virtualized environment between the underlying host system and the virtual machine. It is then executed and used when the virtual machine is started. A VM based rootkit is very difficult to detect in an environment, but its also very difficult to successfully implement

Answer 151

VM based rootkit

Question 152

A more typical or standard file system used with IaaS that provides a virtual partition or hard disk to a virtual machine. It would be used just like a traditional hard drive, with file system, folders, and file organization methods

Answer 152

Volume Storage

Question 153

A traditional development methodology where projects are divided into phases that must be fully developed, tested, approved, and implemeted before moving onte the next phase

Answer 153

Waterfall

Question 154

An appliance of software plug in that parses and filters HTTP traffic from a browser or client and then applies a set of rules before the traffic is allowed to proceed to the actual application server

Answer 154

Web Application Firewall (WAF)

Question 155

A web based application that provides tools, reporting and visibility for a user into multiple systems. In a cloud environment, a web portal provides metrics and service capabilities to add or expand for the customer to consume

Answer 155

Web Portal

Question 156

An appliance implemented within a network to secure and manage XML traffic. it is particularly used within a cloud environment to help integrate cloud based systems with those still residing in traiditonal data centers

Answer 156

XML appliance